Splunk Search

Create unique field counts from comma deliminated line

chablist
New Member

I have a log file that always has the same structure of:
time1,time2,groupNumber

eg:
355350224,338837556,2
1355350228,338837557,2
1355312572,338828143,4
1355350212,338837553,4
1355350216,338837554,4
1355350220,338837555,4
1355350224,338837556,4
1355310304,338827576,5

I want to perform a search such that i can get a count for each of the unique groupNumbers for a report to be able to return something like:

2: 2
4: 5
5: 1

Tags (1)
0 Karma
1 Solution

Ayn
Legend
... | stats count by groupNumber

View solution in original post

0 Karma

Ayn
Legend
... | stats count by groupNumber
0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...